3.5(2i)

May 7, 2021

Updated Recommended FI/Server Firmware - 3.5(x) Releases to indicate UCSM 4.0(4l) qualified for HX 3.5(2i) and 3.5(2h).

3.5(2i)

April 29, 2021

Updated Recommended FI/Server Firmware - 3.5(x) Releases to indicate UCSM 4.1(3c) qualified for HX 3.5(2i).

3.5(2i)

March 17, 2021

Updated link to indicate UCSM 4.1(2f) is the recommended Host Upgrade Utility (HUU) for M5 for HX 3.5(2x).

3.5(2i)

March 11, 2021

Updated Recommended FI/Server Firmware - 3.5(x) Releases to indicate UCSM 4.0(4k) is the recommended release.

3.5(2i)

February 19, 2021

Updated Recommended FI/Server Firmware - 3.5(x) Releases to indicate UCSM 4.1(2c) qualified for HX 3.5(2i) and HX 3.5(2h).

HX Servers

HX220c M5

HX220c AF M5

HX240c M5

HX240c AF M5

HX220c M4

HX220c AF M4

HX240c M4

HX240c AF M4

HX240c-M5L

HX220c M5 Edge

HXAF220c M5 Edge

HX220c M4 Edge

HXAF220c M4 Edge

HXAF220c-M5SN

All NVMe - HXAF220c-M5SN

Not supported with Hyper-V.

HX220c M5

HX220c AF M5

HX240c M5

HX240c-M5L

HX220c M5

HX220c AF M5

HX240c M5

HX240c AF M5

HX240c-M5L

All NVMe - HXAF220c-M5SN

Compute-Only UCS B-Series/C-Series Servers

B200 M5/M4/M3,

B260 M4,

B420 M4,

B460 M4,

B480 M5,

C220 M5/M4/M3,

C240 M5/M4/M3,

C460 M4,

C480 M5

B200 M5/M4/M3,

B260 M4,

B420 M4,

B460 M4,

B480 M5,

C220 M5/M4/M3,

C240 M5/M4/M3,

C460 M4,

C480 M5

—

B200 M5/M4/M3, B260 M4, B420 M4, B460 M4, B480 M5, C220 M5/M4/M3, C240 M5/M4/M3, C460 M4, C480 M5

C240 M5, C220 M5, B200 M4, B200 M5

C220 M5,C240 M5, B200 M4, B200 M5

B200 M5/M4/M3, B260 M4, B420 M4, B460 M4, B480 M5, C220 M5/M4/M3, C240 M5/M4/M3, C460 M4, C480 M5

B200 M5/M4/M3, B260 M4, B420 M4, B460 M4, B480 M5, C220 M5/M4/M3, C240 M5/M4/M3, C460 M4, C480 M5,

B200 M5/M4/M3, B260 M4, B420 M4, B460 M4, B480 M5, C220 M5/M4/M3, C240 M5/M4/M3, C460 M4, C480 M5,

Supported Nodes

Converged and Compute-only nodes

HXDP-S Licensed Node Limits

1:1 ratio of HXDP-S to Compute only nodes

(Min—Max)

Converged nodes:3-32 (7.6TB drive configs on HX 240c AF M5 require HX 4.0(2c) release for full scale) Compute only nodes: 0-32

Compute-only nodes: 0-32

Converged nodes:3-16 (12TB drive is limited to a maximum of 8 nodes)

Compute-only nodes: 0-16 (12TB drive is limited to a maximum of 8 nodes)

M4 Converged nodes: 3

M5 Converged nodes: 2,3,or 4

Requires HXDP-E License

N/A (requires Enterprise HXDP-P License)

Converged nodes: 3-16

Compute-only nodes: 0-16

Converged nodes: 3-16 (12TB HDD option is not supported for HyperV)

Compute-only nodes: 0-16

N/A (requires Enterprise HXDP-P License)

N/A (requires Enterprise HXDP-P License)

N/A (requires Enterprise HXDP-P License)

HXDP-P Licensed Node Limits

1:2 ratio of HXDP-P to Compute only nodes

(Min—Max)

Converged nodes:3-32 (7.6TB drive configs on HX 240c AF M5 require HX 4.0(2c) release for full scale) Compute only nodes: 0-32 (up to max cluster size)

Compute-only nodes: 0-32

(up to max cluster size)

Converged nodes:3-16 (12TB drive is limited to a maximum of 8 nodes)

Compute-only nodes: 0-32 (12TB drive is limited to a maximum of 16 nodes)

Converged nodes: 3

(requires HXDP-E License)

Converged nodes: 3-32

Compute Only nodes: 0-32

(up to max cluster size)

Converged nodes: 3-16

Compute-only nodes: 0-16

Converged nodes: 3-16 (12TB HDD option is not supported for HyperV)

Compute-only nodes: 0-16

Converged nodes: 2-16 per Site

Compute-only nodes: 0-21 per Site

(up to max cluster size)

7.6TB drive configs on HX240c AF M5 require HX 4.0(2c) release for full scale) Compute only nodes: 0-32 (up to max cluster size)

Converged nodes: 2-8 per Site

Compute-only nodes: 0-16 per Site

(up to max cluster size)

Converged nodes: 2-16 per Site

Compute-only nodes: 0-21 per Site

(up to max cluster size)

64

48

3

64

32

32

32 per Site/ 64 per cluster

24 per Site/ 48 per cluster

32 per Site/ 64 per cluster

Max Compute to Converged ratio

2:1*

2:1*

—

2:1*

1:1

1:1

2:1*

2:1*

2:1*

✔

✔

No

✔

✔

✔

✔**

✔**

✔**

3.5(2i)

CSCvs41636

CVE-2019-11745

It was discovered that NSS incorrectly handled certain memory operations. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution: Update the affected libnss3 package. See Also https://usn.ubuntu.com/4203-1/

Output:

Installed package : libnss3_2:3.28.4-0ubuntu0.16.04.6

Fixed package : libnss3_2:3.28.4-0ubuntu0.16.04.8

3.5(2i)

CSCvs43371

CVE-2008-5161

3.5(2i)

CSCvs41636

CVE-2019-11745

3.5(2i)

CSCvu99537

CVE-2017-1110, CVE-2017-11109,

CVE-2017-5953, CVE-2017-6349,

CVE-2017-6350, CVE-2018-20786,

CVE-2018-8740, CVE-2019-12387,

CVE-2019-12855, CVE-2019-13734,

CVE-2019-13750, CVE-2019-13751,

CVE-2019-13752, CVE-2019-13753,

CVE-2019-1547, CVE-2019-1549,

CVE-2019-1551, CVE-2019-1563,

CVE-2019-17023, CVE-2019-19603,

CVE-2019-19645, CVE-2019-19880,

CVE-2019-19923, CVE-2019-19924,

CVE-2019-19925, CVE-2019-19926,

CVE-2019-19956, CVE-2019-19959,

CVE-2019-20079, CVE-2019-20218,

CVE-2019-3689, CVE-2019-8457,

CVE-2019-9512, CVE-2019-9514,

CVE-2019-9515, CVE-2020-10108,

CVE-2020-10109, CVE-2020-10531,

CVE-2020-11655, CVE-2020-12049,

CVE-2020-12399, CVE-2020-12762,

CVE-2020-13434, CVE-2020-13435,

CVE-2020-13630, CVE-2020-13631,

CVE-2020-13632, CVE-2020-13790,

CVE-2020-7595, CVE-2020-8169,

CVE-2020-8177, CVE-2020-8597,

CVE-2020-9327

This product includes a version of Third-party Software that is affected by the vulnerabilities identified.

3.5(2i)

CSCvv15388

CVE-2020-14422

3.5(2i)

CSCvr36903

CVE-2015-9383, CVE-2016-3977,

CVE-2018-11490, CVE-2018-20406,

CVE-2018-20852, CVE-2019-10160,

CVE-2019-15133, CVE-2019-15903,

CVE-2019-5010, CVE-2019-5481,

CVE-2019-5482, CVE-2019-9636,

CVE-2019-9740, CVE-2019-9947,

CVE-2019-9948

Cisco HyperFlex includes a version of Ubuntu that is affected by the vulnerabilities identified.

3.5(2h)

CSCvs06094

CVE-2015-9383, CVE-2018-14498

CVE-2018-20406, CVE-2018-20852,

CVE-2019-10160, CVE-2019-13117,

CVE-2019-13118, CVE-2019-14287,

CVE-2019-14973, CVE-2019-15903,

CVE-2019-17546, CVE-2019-18197,

CVE-2019-18218, CVE-2019-5010,

CVE-2019-5094, CVE-2019-5481,

CVE-2019-5482, CVE-2019-9636,

CVE-2019-9740, CVE-2019-9947,

CVE-2019-9948

This bug is to address Tenable Scan Vulnerabilities.

3.5(2h)

CSCvp71632

CVE-2018-12127, CVE-2018-12126,

CVE-2018-12130, CVE-2019-11091

HyperV - Evaluation of HyperFlex for Intel 2019.1 QSR - MDS. The following Microsoft patches were tested:

Applies to: Windows 10, version 1607 Windows Server 2016

Applies to: Windows 10, version 1809 Windows Server 2019, all versions

For more information on the hypervisor-specific mitigation for HyperFlex systems running Hyper-V, see Microsoft KB4494440 (Windows Server 2016) and KB4494441 (Windows Server 2019).

3.5(2h)

CSCvp71634

CVE-2018-12127, CVE-2018-12126,

CVE-2018-12130, CVE-2019-11091

The Sequential-context attack vector is mitigated by a hypervisor update to the product versions listed in VMSA-2019-0008. This mitigation is enabled by default in ESXi and does not impose a significant performance impact according to VMware. The Concurrent-context attack vector is mitigated through enablement of the ESXi Side-Channel-Aware Scheduler Version 1 or Version 2. These options may impose a non-trivial performance impact and are not enabled by default by ESXi. For more information on the hypervisor-specific mitigation for HyperFlex systems running ESXi, see VMware KB67577.

3.5(2g)

CSCvr20154

CVE-2019-10086

Multiple Vulnerabilities in commons beanutils commons-beanutils.

3.5(2g)

CSCvj95584

CVE-2019-12620

A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to inject arbitrary values on an affected device.

The vulnerability is due to insufficient authentication for the statistics collection service. An attacker could exploit this vulnerability by sending properly formatted data values to the statistics collection service of an affected device. A successful exploit could allow the attacker to cause the web interface statistics view to present invalid data to users.

For more information, see the related Cisco Security Advisory.

3.5(2g)

CSCvo98516

CVE-2019-1975

A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack on an affected device.

This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a user to an attacker-controlled web page that contains a malicious HTML iframe. A successful exploit could allow the attacker to conduct clickjacking or other clientside browser attacks.

For more information, see the related Cisco Security Advisory.

3.5(2g)

CSCvr03322

CVE-2014-9092, CVE-2015-9262,

CVE-2016-10087, CVE-2016-10165,

CVE-2016-10708, CVE-2016-10713,

CVE-2016-3616, CVE-2016-9318,

CVE-2017-10053, CVE-2017-10067,

CVE-2017-10074, CVE-2017-10078,

CVE-2017-10081, CVE-2017-10087,

CVE-2017-10089, CVE-2017-10090,

CVE-2017-10096, CVE-2017-10101,

CVE-2017-10102, CVE-2017-10107,

CVE-2017-10108, CVE-2017-10109,

CVE-2017-10110, CVE-2017-10111,

CVE-2017-10115, CVE-2017-10116,

CVE-2017-10118, CVE-2017-10135,

CVE-2017-10176, CVE-2017-10193,

CVE-2017-10198, CVE-2017-10243,

CVE-2017-10274, CVE-2017-10281,

CVE-2017-10285, CVE-2017-10295,

CVE-2017-10345, CVE-2017-10346,

CVE-2017-10347, CVE-2017-10348,

CVE-2017-10349, CVE-2017-10350,

CVE-2017-10355, CVE-2017-10388,

CVE-2017-15232, CVE-2017-16932,

CVE-2017-17512, CVE-2017-18258,

CVE-2017-3509, CVE-2017-3511,

CVE-2017-3526, CVE-2017-3533,

CVE-2017-3544, CVE-2018-0734,

CVE-2018-0735, CVE-2018-0737,

CVE-2018-1000030, CVE-2018-1000156,

CVE-2018-1000802, CVE-2018-1000807,

CVE-2018-1000808, CVE-2018-1060,

CVE-2018-1061, CVE-2018-10916,

CVE-2018-10963, CVE-2018-11212,

CVE-2018-11214, CVE-2018-1152,

CVE-2018-11574, CVE-2018-12384,

CVE-2018-12404, CVE-2018-13785,

CVE-2018-14404, CVE-2018-14567,

CVE-2018-14647, CVE-2018-15473,

CVE-2018-16428, CVE-2018-16429,

CVE-2018-16435, CVE-2018-16890,

CVE-2018-17100, CVE-2018-17101,

CVE-2018-18311, CVE-2018-18312,

CVE-2018-18313, CVE-2018-18314,

CVE-2018-18557, CVE-2018-18585,

CVE-2018-18661, CVE-2018-2579,

CVE-2018-2588, CVE-2018-2599,

CVE-2018-2602, CVE-2018-2603,

CVE-2018-2618, CVE-2018-2633,

CVE-2018-2634, CVE-2018-2637,

CVE-2018-2641, CVE-2018-2663,

CVE-2018-2677, CVE-2018-2678,

CVE-2018-2783, CVE-2018-2794,

CVE-2018-2795, CVE-2018-2796,

CVE-2018-2797, CVE-2018-2798,

CVE-2018-2799, CVE-2018-2800,

CVE-2018-2814, CVE-2018-2815,

CVE-2018-2952, CVE-2018-3149,

CVE-2018-3150, CVE-2018-3169,

CVE-2018-3180, CVE-2018-3183,

CVE-2018-3214, CVE-2018-6594,

CVE-2018-6951, CVE-2018-7456,

CVE-2018-8905, CVE-2019-2422,

CVE-2019-3462, CVE-2019-3822,

CVE-2019-3823, CVE-2019-6109,

CVE-2019-6111

Vulnerabilities in open source software components identified by routine scans.

3.5(2g)

CSCvq24176

CVE-2018-15380

A vulnerability in the cluster service manager of Cisco HyperFlex could allow an unauthenticated, adjacent attacker to execute commands as the root user.

The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting to the cluster service manager and injecting commands into the bound process. A successful exploit could allow the attacker to run commands on the affected host as the root user.

Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.

For more information, see the related Cisco Security Advisory.

3.5(2g)

CSCvo88997

CVE-2017-10053, CVE-2017-10067,

CVE-2017-10074, CVE-2017-10078,

CVE-2017-10081, CVE-2017-10087,

CVE-2017-10089, CVE-2017-10090,

CVE-2017-10096, CVE-2017-10101,

CVE-2017-10102, CVE-2017-10107,

CVE-2017-10108, CVE-2017-10109,

CVE-2017-10110, CVE-2017-10111,

CVE-2017-10115, CVE-2017-10116,

CVE-2017-10118, CVE-2017-10135,

CVE-2017-10176, CVE-2017-10193,

CVE-2017-10198, CVE-2017-10243,

CVE-2017-10274, CVE-2017-10281,

CVE-2017-10285, CVE-2017-10295,

CVE-2017-10345, CVE-2017-10346,

CVE-2017-10347, CVE-2017-10348,

CVE-2017-10349, CVE-2017-10350,

CVE-2017-10355, CVE-2017-10356,

CVE-2017-10357, CVE-2017-10388,

CVE-2017-3509, CVE-2017-3511,

CVE-2017-3526, CVE-2017-3533,

CVE-2017-3539, CVE-2017-3544,

CVE-2018-2579, CVE-2018-2582,

CVE-2018-2588, CVE-2018-2599,

CVE-2018-2602, CVE-2018-2603,

CVE-2018-2618, CVE-2018-2629,

CVE-2018-2633, CVE-2018-2634,

CVE-2018-2637, CVE-2018-2641,

CVE-2018-2663, CVE-2018-2677,

CVE-2018-2678, CVE-2018-2783,

CVE-2018-2790, CVE-2018-2794,

CVE-2018-2795, CVE-2018-2796,

CVE-2018-2797, CVE-2018-2798,

CVE-2018-2799, CVE-2018-2800,

CVE-2018-2814, CVE-2018-2815,

CVE-2018-2952, CVE-2018-3136,

CVE-2018-3139, CVE-2018-3149,

CVE-2018-3150, CVE-2018-3169,

CVE-2018-3180, CVE-2018-3183,

CVE-2018-3214, CVE-2019-2422

The vulnerabilities identified with JVM 1.8U121 results in a memory leak getting VC alarms (concurrent 40 calls using REST API).

3.5(2a)

CSCvj95606

CVE-2018-15380

A vulnerability in the cluster service manager of Cisco HyperFlex could allow an unauthenticated, adjacent attacker to perform a command injection as the root user.

The vulnerability is due to an unprotected listening interface. An attacker could exploit this vulnerability by connecting to the listening interface and injecting commands to the bound process. An exploit could allow the attacker to run commands on the affected host as the root user.

For more information, see the related Cisco Security Advisory.

3.5(2a)

CSCvn22303

CVE-2016-1000031

The vulnerabilities associated with the third-party software included in Apache Struts Commons FileUpload RCE.

3.5(2a)

CSCvm93059

CVE-2018-18074

The vulnerabilities associated with the software version included in the Python package, in the Ubuntu kernel.

3.5(2a)

CSCvm53142

CVE-2018-14598

CVE-2018-14599

CVE-2018-14600

The vulnerabilities associated with libx11.

3.5(2a)

CSCvm53132

CVE-2018-14622

The vulnerabilities associated with libtirpc.

3.5(2a)

CSCvm34693

CVE-2018-1060

The vulnerabilities associated with the software version included in Python pop3lib apop() Method Denial of Service.

3.5(2a)

CSCvm02920

CVE-2018-3615

CVE-2018-3620

CVE-2018-3646

The vulnerabilities associated with August CPU Side-Channel Information Disclosure.

3.5(2a)

CSCvk31047

CVE-2019-1664

The vulnerabilities associated with the hxterm service included in Cisco HX Data Platform.

3.5(2a)

CSCvj08921

CVE-2018-7750

The vulnerabilities associated with software version included in Paramiko transport.py Authentication Bypass.

3.5(2a)

CSCvj95590

CVE-2019-1667

The vulnerabilities associated with the Graphite interface included in Cisco HX Data Platform.

3.5(2a)

CSCvj95580

CVE-2019-1666

The vulnerabilities associated with the Graphite service included in Cisco HX Data Platform.

3.5(1a)

CSCvk59165

CVE-2019-1665

The vulnerabilities associated with the web-based management interface of Cisco HyperFlex software that may allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack.

3.5(1a)

CSCvm29418

CVE-2017-18342

The vulnerabilities associated with the third-party software included in PyYAML.

3.5(1a)

CSCvm20484

CVE-2018-14682

CVE-2018-14679

CVE-2018-14680

CVE-2018-14681

The vulnerabilities associated with the libmspack software package version included in Cisco HX Data Platform.

3.5(1a)

CSCvm15800

CVE-2018-5391

Cisco HyperFlex System includes a version of the Linux kernel that is affected by the IP Fragment Reassembly Denial of Service Vulnerability

3.5(1a)

CSCvm10159

CVE-2015-9262

The vulnerabilities associated with libXcursor included in Cisco HX Data Platform.

3.5(1a)

CSCvk59406

CVE-2018-15407

A vulnerability in the installation process of Cisco HyperFlex Software could allow an authenticated, local attacker to read sensitive information.

3.5(1a)

CSCvk32464

No CVE ID has been assigned to this issue.

A vulnerability in file permissions of Cisco HyperFlex Software could allow an authenticated, local attacker to read sensitive files.

3.5(1a)

CSCvk22858

CVE-2018-15382

A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to generate signed session tokens.

3.5(1a)

CSCvk09234

CVE-2018-1092, CVE-2018-7492

CVE-2018-8087, CVE-2018-1068

CVE-2018-8781

The vulnerabilities associated with the Ubuntu Linux kernel version included in Cisco HX Data Platform.

3.5(1a)

CSCvk05700

CVE-2018-12015

The vulnerabilities associated with the perl software package version included in Cisco HX Data Platform.

3.5(1a)

CSCvk05679

CVE-2014-9620

CVE-2014-9653

CVE-2015-8865

CVE-2018-10360

CVE-2014-9621

The vulnerabilities associated with the file software package version included in Cisco HX Data Platform.

3.5(1a)

CSCvk00405

CVE-2016-6796

CVE-2017-12615

CVE-2017-7674

CVE-2016-0762

CVE-2016-6797

CVE-2017-12616

CVE-2018-1304

CVE-2016-5018

CVE-2016-6816

CVE-2017-12617

CVE-2017-5647

CVE-2016-6794

CVE-2016-8735

The vulnerabilities associated with the Apache Tomcat software package version included in Cisco HX Data Platform.

3.5(1a)

CSCvj95644

CVE-2018-15423

A vulnerability in the web interface of the Cisco HyperFlex Software could allow an unauthenticated remote attacker to affect the integrity of the device via a clickjacking attack.

3.5(1a)

CSCvj81584

CVE-2010-4172, CVE-2011-1088

CVE-2011-1582, CVE-2009-0783

CVE-2011-5062, CVE-2013-4590

CVE-2016-0762, CVE-2017-5648

CVE-2012-2733, CVE-2014-0099

CVE-2016-5018, CVE-2018-1304

CVE-2014-0230, CVE-2016-6816

CVE-2011-2729, CVE-2013-2071

CVE-2015-5346, CVE-2017-12616

CVE-2009-3555, CVE-2010-4476

CVE-2011-1183, CVE-2011-2204

CVE-2011-3190, CVE-2013-4286

CVE-2015-5351, CVE-2017-12617

CVE-2011-5063, CVE-2014-0050

CVE-2016-0763, CVE-2017-5664

CVE-2012-3439, CVE-2014-0119

CVE-2016-6794, CVE-2018-1305

CVE-2012-4534, CVE-2014-7810

CVE-2016-8735, CVE-2011-2481

CVE-2010-2227, CVE-2011-0013

CVE-2011-1184, CVE-2012-5568

CVE-2015-5174, CVE-2016-8745

CVE-2011-3375, CVE-2013-4322

CVE-2016-0706, CVE-2017-15706

CVE-2011-5064, CVE-2014-0075

CVE-2016-3092, CVE-2017-6056

CVE-2012-3544, CVE-2014-0160

CVE-2016-6796, CVE-2018-8014

CVE-2011-1475, CVE-2005-2090

CVE-2012-4431, CVE-2010-3718

CVE-2011-0534, CVE-2012-3546

CVE-2014-0227, CVE-2016-6797

CVE-2011-2526, CVE-2013-2067

CVE-2015-5345, CVE-2017-12615

CVE-2011-3376, CVE-2013-4444

CVE-2016-0714, CVE-2017-5647

CVE-2012-0022, CVE-2014-0096

CVE-2016-3427, CVE-2017-7674

The vulnerabilities associated with the Apache Tomcat 7.x version included in Cisco HX Data Platform.

3.5(1a)

CSCvj99081

CVE-2017-16612

CVE-2018-8012

CVE-2018-10237

The vulnerabilities associated with the Apache zookeeper version included in Cisco HX Data Platform.

3.5(1a)

CSCvj95632

CVE-2018-15382

A vulnerability in Cisco HyperFlex could allow an unauthenticated, remote attacker to generate signed session tokens.

3.5(1a)

CSCvj08923

CVE-2018-6594

The vulnerabilities associated with the El Gamal implementation in PyCrypto included in Cisco HX Data Platform.

3.5(1a)

CSCvj08160

CVE-2017-5715

CVE-2017-5753

CVE-2017-5754

The vulnerabilities associated with the HyperFlex Controller VM software for Windows Server with Microsoft Hyper-V.

3.5(1a)

CSCvj63266

CVE-2018-1000300

CVE-2018-1000301

CVE-2018-1000303

The vulnerabilities associated with CURL software package included in Cisco HX Data Platform.

3.5(1a)

CSCvj61269

CVE-2018-0494

The vulnerabilities associated with GNU Wget version included in Cisco HX Data Platform.

3.5(1a)

CSCvj55521

CVE-2018-8897, CVE-2018-1087

CVE-2018-1000199

The vulnerabilities associated with Linux kernel version included in Cisco HX Data Platform.

3.5(1a)

CVE-2015-9262

CVE-2018-3639

CVE-2017-3640

The vulnerabilities associated with May CPU Side-Channel affecting Cisco HX Data Platform.

3.5(1a)

CSCvj42966

—

The vulnerability associated with the Data Protection clone api return value.

3.5(1a)

CSCvi88567

CVE-2017-16995

CVE-2017-0861

CVE-2017-1000407

CVE-2017-11472

CVE-2017-15129

CVE-2017-16528

The vulnerabilities associated with Linux kernel version included in Cisco HX Data Platform.

3.5(1a)

CSCvi60720

—

This is a modification on the product to adopt new secure code best practices to enhance the security posture and resiliency of the Cisco HyperFlex HX Data Platform.

3.5(1a)

CSCvi48372

CVE-2018-15429

A vulnerability in the web-based UI of Cisco HyperFlex HX Data Platform software could allow an unauthenticated, remote attacker to access sensitive information on an affected system.

3.5(1a)

CSCvi46951

CVE-2017-7529

The vulnerabilities associated with the nginx software package version included in Cisco HX Data Platform.

3.5(1a)

CSCvi47250

CVE-2011-3389

The vulnerabilities associated with the OpenSSL Protocol software package version included in Cisco HX Data Platform.

3.5(1a)

CSCvi26246

CVE-2016-3092

CVE-2013-0248

CVE-2014-0050

The vulnerabilities associated with the Apache commons-file upload version included in Cisco UCS.

3.5(1a)

CSCvi50910

CVE-2016-2183

The vulnerabilities associated with the DES and Triple DES ciphers software package version included in Cisco HX Data Platform.

CSCvu69826

stcli cluster reregister command fails with the error:

Storage cluster reregistration with a 
new vCenter failed.
java.rmi.RemoteException: VI SDK invoke exception:; 
nested exception is:
java.rmi.RemoteException: Exception in WSClient.invoke
:; nested exception is:
java.lang.NullPointerException

3.5(2h)

3.5(2i)

CSCvr89066

Old files in /var/support/ZKTxnlog are not purged with the daily zklog-cleanup cron job.

3.5(2c)

3.5(2i)

CSCvr89510

A HyperV cluster with RF2 has 2 simultaneous drives failures on 2 different nodes. This makes the cluster critical. Even after fixing the 2 failed drives, some VMs fail to power on.

4.0(2a)

3.5(2i)

CSCvp97422

When network partition heals, the cluster becomes healthy but the datastores on one of the nodes remains unavailable for some time.

3.5(2g)

3.5(2i)

CSCvr16760

The HyperFlex cluster healing state is stuck at 87% and is unable to progress.

3.5(2f)

3.5(2i)

CSCvs22477

Sometimes it is observed that storfs was killed and restarted due to Out of Memory (OOM) situation.

3.5(2e)

3.5(2i)

CSCvs54285

A cluster node may hang in the Linux kernel. This is classified as an oops and a deviation from the expected behavior.

3.5(2h)

3.5(2i)

CSCvo21125

During ESXi upgrade, it waits forever and then times out with error "Waiting for vCenter to connect to cluster node". On the vCenter we see that the host has already joined back.

3.5(1a), 3.5(2h)

3.5(2i)

CSCvq45087

During deployment phase, HX-Installer successfully deploys SCVM and creates 'admin' username with preprovisioned password.

In case, when password contains special symbol(s) like ":", subsequent attempts to login into the same VM using admin credentials fails.

3.5(2a)

3.5(2i)

CSCvs55422

Reduction of System log folder to alarming rate due to tomcat logs.

2.5(1b)

3.5(1a)

4.0(2a

3.5(2i)

CSCvt16158

Starting with new 6.5 and 6.7 ESXi releases, HX clusters with certain ESXI build numbers won't be able to do a direct ESXi upgrade to 6.5 and 6.7 versions. If the build number is older, a two step upgrade is required to get to the latest 6.5 and 6.7 ESXi builds.

4.0(2a)

3.5(2i)

CSCvr97089

High percentage of packet loss on the HyperFlex Storage Controller.

3.5(2g)

3.5(2i)

CSCvu58631

HX 3.5(2h) SED stretch cluster expansion fails as converged node is not listed in server selection page.

3.5(2h)

3.5(2i)

CSCvs47419

Regenerating new SSL cert and performing re-register with vCenter results in fingerprint mismatch.

3.5(2g)

3.5(2h)

CSCvr15546

On older HX software, the self-signed certificate shows expiry as Dec 2019 with SHA1 as the certificate being used. This does not have any functional impact to the cluster.

3.5(2g)

3.5(2h)

CSCvr92004

Unable to login to HXconnect. User sees authentication failure error message during login.

3.5(2g)

3.5(2h)

CSCvs18117

HX Connect login reports "access token invalid" when fetching replication info.

3.5(2g)

3.5(2h)

CSCvq65056

After expanding an upgraded cluster from a 2.6 cluster to HX 4.0(1b), vMotion fails when tried to and from the expanded node.

3.5(2g)

3.5(2h)

CSCvr37488

Pre-upgrade fails on the last node with Downgrade error.

3.5(2g)

3.5(2h)

CSCvr75305

Node add hangs intermittently forever.

3.5(2e)

3.5(2h)

CSCvr96151

Error in server selection page for ESXI on branch 3.5.2i-32123.

3.5(2i)

3.5(2h)

CSCvs02458

Intermittent Upgrade Failure when upgrading to HX 3.5.(2g).

3.5(2g)

3.5(2h)

CSCvs04926

On an HX 3.5(2g) cluster, when upgrading UCS Server firmware via HX Connect, it shows one of the following errors:

getUcsAvailablePackagesLocalizable
Message(Operation did not complete in expected
 time and maybe executing in the background.,None
,None,Operation did not complete in expected time
 and maybe executing in the background.,ArrayBuffer())

getUcsHfpVersionsLocalizableMessage
(Operation did not complete in expected time and 
maybe executing in the background.,None,None,Operation
 did not complete in expected time and maybe 
executing in the background.,ArrayBuffer()

3.5(2g)

3.5(2h)

CSCvr44548

Expansion workflow is not setting hfp for the M3 compute node.

3.5(2g)

3.5(2h)

CSCvr67532

The HX240C-M5L specification sheet states that PID HX-HD12T7KL4KN is supported starting with HXDP 4.0(1a). No validation error is triggered. The deployment fails at the "Cluster Creation" step with the error: "Disk prepare failed magnetic disk /dev/sdX", and the disks are blacklisted.

3.5(2e)

3.5(2h)

CSCvk25616

Datastores not mounted in Vcenter/ESXi after host reboot.

3.0(1d)

3.5(2g)

CSCvk37044

Set computer account fails due to the use of "." in the username.

3.0(1d)

3.5(2g)

CSCvm77294

While upgrading a cluster, the following error appears: "Failed upgrade validations: Checking vCenter configuration. Reason: Upgrade validations failed. DRS Fault: Insufficient resources to satisfy configured failover".

3.5(1a)

3.5(2g)

CSCvn21067

Support bundle does not connect files from /var/support/ZKTxnlog

3.0(1i)3.5(2a)

3.5(2g)

CSCvn23123

Storfs node PANIC with segmentation fault at replication stat update

3.0(1b)

3.5(2g)

CSCvn23812

HyperFlex's controller VM can be configured to have a CA signed certificate for HTTPS communication instead of a default shipped certificate. However, during an upgrade, the CA signed certificate gets overridden by the default certificate prompting the user to configure the CA signed certificate again.

3.5(2a)

3.5(2g)

CSCvn51578

After performing procedure to remove node, stcli cluster reregister for vCenter fails.

3.5(2a)

3.5(2h)

3.5(2g)

CSCvn63359

After modifying the timezone using stcli command, the date always comes in UTC (default).

3.5(2a)

3.5(2g)

CSCvr92004

Unable to log in to HX-Connect. User sees authentication failure error message during log in.

3.5(2g)

3.5(2g)

CSCvp17427

CSCvm47257

Stcli cluster storage-summary takes a long time to return on 16+ node cluster when one node reboots.

3.5(1a)

3.5(2g)

CSCvp58739

HX Install/Upgrade validation fails due to SAS controller being on firmware 09.00.00.06.

3.5(2c)

3.5(2g)

CSCvp63958

HX replication cleanup failing with error: "INFO:DR state is NOT clean".

3.5(2a)

3.5(2g)

CSCvp64140

During cluster creation, the following error occurs on installer: "Failure occurred during Cluster Creation process: Unable to post the content to the down-stream".

3.5(2f)

3.5(2g)

CSCvp64572

ICMP redirection enabled.

3.5(1a)

3.5(2g)

CSCvp65666

In HX Connect under Activity, Job Type: encryptionLocal* will have status: Success but will show the job as if it was still running. Spinning in progress icon is visible with RunStep: next to it.

3.5(2a)

3.5(2g)

CSCvp89523

When a HyperFlex Cluster is deployed on an ACI Fabric, with HX MGMT and HX Storage in the same Bridge Domain, we see ARP responses from wrong HX Storage Controller interface, causing incorrect ARP learning to occur. On the ACI Fabric, we see MAC moves for HX IPs.

3.5(2b)

3.5(2g)

CSCvp95655

When installing Hyperflex from Intersight for 3Node and FI Managed UCS/HX Cluster. One of the steps which shows running is "Witness Node IP Reachability Check".

Ideally this shouldn't show unless if it is Stretch Cluster. It appears all the tasks for HX installation are run even though some might be skipped.

3.5(2g)

3.5(2g)

CSCvq01506

During the online upgrade process from releases prior to 2.5 to a post 2.5 release, there is a change in the metadata format. Metadata for files that were truncated during the upgrade window, are not set correctly and this may cause the cluster to go down.

2.1(1b)

3.5(2g)

CSCvq04252

HX Release 3.5(2b) installer fails on the hypervisor configuration step with no visible error. UCSM configuration completes, but Hypervisor Configuration seems to not start.

3.5(2a)

3.5(2g)

CSCvq06952

Snapshot creation on CBT enabled VM fails with error "Failed in vmreparent vmkfstools clone1".

3.5(2c)

3.5(2g)

CSCvq15987

Cluster expansion fails with error: "SP template org-root/org-hx-cluster/ls-compute-nodes-m5 does not exist".

3.5(2b)

3.5(2g)

CSCvq33538

"Internal Error" while running commands 'asupcli --all post --type alert' and 'asupcli --all ping'

3.0(1b)

3.5(2g)

CSCvq34873

Memory usage by carbon cache.

3.5(2b)

3.5(2g)

CSCvq60925

If HX Cluster is upgraded from prior to Release 3.5(1a), and cluster expansion is done in that sequence, then the existing UCS Servers will go into "Pending Reboot", which is seen in UCS Manager.

3.5(2d)

3.5(2g)

CSCvq64208

When Witness Node is powered off, HX Connect still shows witness node online.

3.5(2f)

3.5(2g)

CSCvq70832

User has created macpool with b1 in 5th octet for external storage like iscsi and assigned vmnic9 to b1 which is not a suggested macpool configuration as per the documentation and that caused the logic to pick A1 and B1 macs for mgmt which resulted in unsupported configuration while going through the kernel migration step as part of upgrade. This caused the HX upgrade to break.

As per the documentation link, for external storage user is suggested to create a macpool with 00:25:B5:XX:01:01-63 which would have avoided the problem.

3.5(2d)

3.5(2g)

CSCvq77016

LAZ was disabled previously but got enabled again after recovery from outage.

3.5(2d), 4.0(1b)

3.5(2g)

CSCvq86205

During cluster expansion, validation may fail with the following error: "hw_data_disk_same_size. hw_data_disk_same_size_fail". This is caused by UCS discovering disk with slight variance in size, 1 to 500 Mb for example. This variance exists between disks from different vendors or even same vendors.

3.5(2e)

3.5(2g)

CSCvq84609

On a large scale cluster, HX Connect failed with error message “server call failure.”.

3.5(2g)

3.5(2g)

CSCvq90989

The failure to upgrade or operate in HX maintenance mode due to this defect is extremely rare. This defect is exposed if the witness VM is inadvertently shared across different stretched clusters or incorrectly configured (for example, IP reuse/conflict).

3.5(2f)

3.5(2g)

CSCvq94105

Stretched Cluster status is lost when the cluster is shutdown. The cluster state shows normal until the cluster is back online.

3.5(2f)

3.5(2g)

CSCvq96085

After cluster expansion, some of the datastores failed to mount, and had to manually be mounted using HX Connect..

3.5(2d)

3.5(2g)

CSCvq99358

Unable to expand Stretched Cluster when nodes have SED drives.

3.5(2f)

3.5(2g)

CSCvr06432

On Stretched Cluster, after Cluster Management IP goes down, takes 10+ minutes for new Cluster Management IP to be accessible

3.5(2f)

3.5(2g)

CSCvr08735

Out of memory on 2 nodes during maintenance on a 3rd node.

3.5(2a)

3.5(2b)

3.5(2d)

3.5(2g)

CSCvr11632

Unable to access Stretched Clusters via HX Connect when the vCenter server is offline.

3.5(2e)

3.5(2g)

CSCvr22391

lsass error joining controller to domain.

3.5(2e)

3.5(2g)

CSCvr28095

Tomcat / HTTP 500 errors when viewing jobs ([Activity] within HX Connect).

3.5(2b)

3.5(2g)

CSCvr44129

Storfs not started during upgrade from pre-3.5(2d) to post-3.5(2d) in one or more nodes

3.5(2f)

3.5(2g)

CSCvq89852

HX-Connect reports Stretched Cluster as standard cluster after transition from offline to online state.

3.5(2a)

3.5(2e)

3.5(2f)

3.5(2f)

CSCvq53058

When the Witness VM has a high RTT times (>50ms) from any of the two Stretched Cluster sites, there is a possibility under heavy transaction load that the cluster failover or failback times may be very high.

3.5(1a)

3.5(2f)

CSCvq58829

During site failover, cluster hits an APD due to slow response from cluster metadata replication.

3.5(1a)

3.5(2f)

CSCvq17778

After back-to-back failovers on one site, the cluster encountered a failure that lead to zookeeper going offline.

3.5(2d)

3.5(2f)

CSCvq89852

HX Connect reports Stretched Cluster as standard cluster after transition from offline to online state.

3.5(2a)

3.5(2f)

CSCvs28167

In order to install or complete a node replacement on Cisco HyperFlex, customers need to download an HX Installer OVA (Open Virtual Appliance) file; include to deploy a stretched cluster, customers additionally need to download a Witness OVA. All of the code posted on CCO prior to the posting of release HX 3.5(2g) was discovered to have expired certificates as of 11/26/19. Cisco has re-signed and re-posted OVA files associated with HX releases 3.5(2e), 3.5.2(f), 3.5.2(g), 4.0(1a) and 4.0(1b) with updated certificates. For other releases, attempts to deploy an OVF template with an expired OVA will fail with the following error message: “The OVF package is signed with an invalid certificate”.

Conditions:

If customers are deploying HX 3.5(2e), 3.5.2(f), 3.5.2(g), 4.0(1a) or 4.0(1b), Cisco has re-signed and re-posted OVA files and customers will not experience the problem if they use the patched OVA files. Look for a “p1” suffix in the OVA filenames, which indicates that OVA file has been fixed:

File Name Examples:

HX 3.5(2f) patched OVA file for Cisco HyperFlex Data Platform Installer for VMware ESXi:

Cisco-HX-Data-Platform-Installer-v3.5.2f-31787p1-esx.ova

Cisco HyperFlex Data Platform Stretched Cluster Witness:

HyperFlex-Witness-1.0.6p1.ova

Customers using the OVA files for other HX releases, refer to the following workaround.

Workaround

There are two options to move forward after failing to deploy with an OVA file that is affected (applies to the installer and witness OVA files).

Option A - Remove the local manifest file.

The manifest file can be deleted so vCenter does not check the validity of the certificate.

1. Download and extract the OVA file to a local directory.

2. Remove the .mf file

3. Add the remaining files to a new archive and change the file extension from '.tar' to '.ova'

4. Proceed to deploy that newly created OVA file using “Deploy by OVF Template” in vCenter. vCenter will show the file as not having a certificate. This is expected and the deployment should continue without issue.

Option B - Remove the local manifest file.

Manually deploy with ovftool – Use VMware's ovftool to deploy the OVA while bypassing the certificate check. The ovftool can be downloaded and run on customer's computer. The ovftool also comes pre-installed on HX Controller VMs. This is helpful for node replacements and cluster expansions.

1. Use ovftool to deploy the OVA file to a datastore while raising the --skipManifestcheck switch. For example,

   root@SpringpathControllerABCDEFGH:~# ovftool --skipManifestCheck -ds=datastore http://<path to
           ova>/Cisco-HX-Data-Platform-Installer-v3.5.2c-31725-esx.ova vi://root@<IP of management ESX
           host>/

2. The OVA should be deployed and present in vCenter on the ESXi host previously specified.

3. Power on the VM and console into it

4. Login to the VM with the default username/password combination of root / Cisco123

5. Set the IP of the VM statically by issuing: vi /etc/network/eth0.interface

6. Change 'iface eth0 inet dhcp' to 'iface eth0 inet static'. Each of the following needs to be on their own line and tab indented

   address <desired ip address of installer>

   netmask X.X.X.X

   gateway X.X.X.X

   <esc> :wq

7. After the file is reviewed and saved, restart the VM. The VM should now boot with the desired IP address

8. The first login via the WebGUI (still using default username/password combination) will have the user change the password.

9. After the password change the user can begin the desired install/expand/node replacement activity.

3.5(1a)

3.5(2f)

CSCvo39912

UCSM Only upgrade stalled as part of HX upgrade.

3.5(2d)

3.5(2f)

CSCvq91142

Hyper-V: Cluster shows offline/APD. Seg faults during NS master ownership transfer.

3.5(2a)

3.5(2f)

CSCvn67512

SED Data SSDs may power down after firmware upgrade.

3.0(1d)

3.5(2f)

CSCvq17778

After back-to-back failovers on one site, the cluster encountered a failure that lead to zookeeper going down.

3.5(2d)

3.5(2f)

CSCvq89852

HX Connect reports stretch cluster as standard cluster after transition from offline to online state.

3.5(2a)

3.5(2f)

CSCvq53058, CSCvq58829

For Witness VMs with high RTT times (>50ms) to any of the stretch cluster sites, there is a possibility under heavy transaction load for failover or failback times to be impacted.

3.0(1i)

3.5(1a)

3.5(2f)

CSCvq18919

Sometimes during Stretched Cluster failover, the cluster resource manager component goes down due to file write error.

3.5(2d)

3.5(2e)

CSCvs28167

In order to install or complete a node replacement on Cisco HyperFlex, customers need to download an HX Installer OVA (Open Virtual Appliance) file; include to deploy a stretched cluster, customers additionally need to download a Witness OVA. All of the code posted on CCO prior to the posting of release HX 3.5(2g) was discovered to have expired certificates as of 11/26/19. Cisco has re-signed and re-posted OVA files associated with HX releases 3.5(2e), 3.5.2(f), 3.5.2(g), 4.0(1a) and 4.0(1b) with updated certificates. For other releases, attempts to deploy an OVF template with an expired OVA will fail with the following error message: “The OVF package is signed with an invalid certificate”.

Conditions:

If customers are deploying HX 3.5(2e), 3.5.2(f), 3.5.2(g), 4.0(1a) or 4.0(1b), Cisco has re-signed and re-posted OVA files and customers will not experience the problem if they use the patched OVA files. Look for a “p1” suffix in the OVA filenames, which indicates that OVA file has been fixed:

File Name Examples:

HX 3.5(2e) patched OVA file for Cisco HyperFlex Data Platform Installer for VMware ESXi:

Cisco-HX-Data-Platform-Installer-v3.5.2e-31762p1-esx.ova

Cisco HyperFlex Data Platform Stretched Cluster Witness:

HyperFlex-Witness-1.0.4p1.ova

Customers using the OVA files for other HX releases, refer to the following workaround.

Workaround

There are two options to move forward after failing to deploy with an OVA file that is affected (applies to the installer and witness OVA files).

Option A - Remove the local manifest file.

The manifest file can be deleted so vCenter does not check the validity of the certificate.

1. Download and extract the OVA file to a local directory.

2. Remove the .mf file

3. Add the remaining files to a new archive and change the file extension from '.tar' to '.ova'

4. Proceed to deploy that newly created OVA file using “Deploy by OVF Template” in vCenter. vCenter will show the file as not having a certificate. This is expected and the deployment should continue without issue.

Option B - Remove the local manifest file.

Manually deploy with ovftool – Use VMware's ovftool to deploy the OVA while bypassing the certificate check. The ovftool can be downloaded and run on customer's computer. The ovftool also comes pre-installed on HX Controller VMs. This is helpful for node replacements and cluster expansions.

1. Use ovftool to deploy the OVA file to a datastore while raising the --skipManifestcheck switch. For example,

   root@SpringpathControllerABCDEFGH
   :~# ovftool --skipManifestCheck -ds=datastore
    http://<path to
           ova>/Cisco-HX-Data-Platform-Installer-
   v3.5.2c-31725-esx.ova vi://root@<IP of management ESX
           host>/

2. The OVA should be deployed and present in vCenter on the ESXi host previously specified.

3. Power on the VM and console into it

4. Login to the VM with the default username/password combination of root / Cisco123

5. Set the IP of the VM statically by issuing: vi /etc/network/eth0.interface

6. Change 'iface eth0 inet dhcp' to 'iface eth0 inet static'. Each of the following needs to be on their own line and tab indented

   address <desired ip address of installer>

   netmask X.X.X.X

   gateway X.X.X.X

   <esc> :wq

7. After the file is reviewed and saved, restart the VM. The VM should now boot with the desired IP address

8. The first login via the WebGUI (still using default username/password combination) will have the user change the password.

9. After the password change the user can begin the desired install/expand/node replacement activity.

3.5(1a)

3.5(2e)

CSCvq18771

CSCvq02860

HX-SD16T123X-EP caching drive is assigned persistence role while the HX-SD960G61X-EV gets recognized as a cache drive.

3.5(2c)

4.0(1a)

3.5(2e)

CSCvc38351

Cluster Expansion failed because incorrect MTU size was selected in Installer.

1.8(1c)

3.5(1a)

3.5(2e)

CSCvq18919

During stretch cluster failover, zookeeper goes down due to epoch file write error.

3.5(2d)

3.5(2e)

CSCvp29431

HX clusters running Release 3.0.(1c) hit an All Paths Down (APD) condition, and VMs became inaccessible

3.0(1c)

3.5(2e)

CSCvp37536

HX Stretch Cluster Witness VM reverts to DHCP on reboot.

3.5(1b)

3.5(2e)

CSCvq13099

HyperFlex post_install.py script generates incorrect message on run health check step.

3.5(2d)

3.5(2e)

CSCvq18919

Sometimes during Stretched Cluster failover, the cluster resource manager component goes offline due to file write error.

3.5(2d)

3.5(2e)

CSCvc38351

CSCvp55109

MTU changed to 1500 on vm-network after node expansion, which was set as 9000 earlier.

3.5(1a)

3.5(2c)

CSCvm58031

Tomcat and Nginx logs are not being collected in the support bundle generated through HX Connect in Release 3.5.

3.5(1a)

3.5(2d)

CSCvp40474

Multiple Hyper-V Hyperflex hosts are unable to access datastores, even when cluster is healthy.

3.5(2a)

3.5(2d)

CSCvp90129

On stretch clusters, when the cluster experiences a failure or a maintenance window that results in rebalance, some nodes may experience panics.

3.5(2c)

3.5(2d)

CSCvo36198

When retrieving a list of alarms, Virtual Machines or events, message appears intermittently - "Virtual Center unreachable" or "Resource information cannot be updated".

3.5(1a)

3.5(2c)

CSCvp58804

Generating support bundle(s) from HX Connect may leak memory and cause cluster health to diminish due to Out of Memory issues.

3.5(2a)

3.5(2c)

CSCvo75522

Losing data network on one site causes whole cluster to not be accessible. For more information, see the "Preinstallation Checklist" and "Troubleshooting for Site-to-Site Failover" section in the Cisco HyperFlex Systems Stretched Cluster Guide, Release 3.5.

3.0(1c)

3.5(1a)

3.5(2c)

CSCvp32000

On power outage of nodes, cache re-distribution may be done sub-optimally.

3.5(1a)

3.5(2c)

CSCvk46364

A node shuts down when two disks are replaced (a caching disk and another capacity disk), where the capacity disk is inserted first and then the caching disk is inserted.

2.6(1b)

3.5(2c)

CSCvo67207

HA for some VMs may be sub-optimal in a site-to-site network condition.

3.5(2a)

3.5(2c)

CSCvp42925

Any modification from the HX installer is causing LLDP to be disabled on all HX vNICs.

3.5(1a)

3.5(2c)

CSCvp41404

Incorrect space reporting on node failures and site-failure in stretch-cluster deployments.

3.0(1a)

3.5(1a)

3.5(2c)

CSCvh08977

When an HX Snapshot is taken with the Quiesced Option, through HX Connect or through an external Backup Vendor, the Virtual Center VM Snapshot Manager will not list the snapshot as being quiesced. The Hyperflex implementation uses out of band quiescing that is not known to the VMware API. When an HX Snapshot API request succeeds, it is reasonable to expect that the snapshot quiesced correctly.

Check with your Backup vendor if they rely on HX Quiesced Snapshots.

3.0(1c)

3.5(1a)

CSCvk17250

HX Drive PID HX-SD38TBE1NK9 has two different models with different sector sizes (8K and 4K). When the different drive versions are used together in releases 3.5.2a or below, Hyperflex node may experience panics.

The following error message is seen in /var/log/springpath/debug-storfs.log:

storfs[1437:1538]: SUPPORT: PANIC: PANIC ON CONDITION (trustSegmentMetaData == true && CError_Ok(err) == false): PackingError at file /opt/git/cypress/src/modules/kvstore/kvindex.c line 1265

This can cause the cluster to become unrecoverable.

The minimum HXDP version for configurations using the above drive is 3.5(2b) or above. Existing clusters running with this drive need to be upgraded to HXDP version 3.5(2b) or above before adding new nodes to the cluster or new drives to existing clusters.

3.0(1d)

CSCvn73127

Kernel migration fails when a local datastore is searched for in the ESXi host.

3.0(1d)

3.5(2b)

CSCvn37805

HX Replication clean up fails to complete and Zookeeper has stale replication configuration.

2.5(1a)

3.5(2b)

CSCvn17787

The cluster creation/cluster expansion workflow stops with the following error message at the validation step.

FIRMWARE-Check UCSC-SAS-M5HD

FIRMWARE-Check UCSC-SAS-M5HD : Required: 00.00.00.29,00.00.00.32,00.00.00.35,00.00.00.50, Found: 00.00.00.58;

Action Needed: Update the Controller Firmware to Required Version

3.5(2a)

CSCvh80044

HX Connect UI allows creation of a datastore by duplicating an existing datastore name that differs only in case. For example, Ds3, ds3, dS3 are allowed as valid datastore.

3.0(1a)

CSCvn60486

While upgrading a Hyper-V cluster, on account of a rare race condition between the stUpgradeService and Zookeeper servers, the upgrade orchestration throws an upgrade validation error, and the upgrade process is aborted.

3.5(2a)

3.5(2b)

CSCvn54300

During upgrade remove the VLAN on team created for user vSwitch.

During fresh installation, only one VLAN tag is set to the vSwitch and team, although multiple VLANs were entered.

CSCvh04307

Installing software packages on the storage controller VM fails with the following error:

In addition, after upgrade from Release 2.6(1e) to 3.0(1c), the following conditions are seen:

• The upgrade is stuck on checking cluster readiness state for a long time.

• The stcli cluster information shows the SED disks as unavailable, and hence the cluster cannot recover to a healthy state.

3.0(1a)

3.5(2a)

CSCvk09073

During upgrade from Release 2.x to 3.x, if the upgrade encounters a failure, the cluster management IP address may no longer be reachable (not present on any of the controller VMs)

CSCvk46179

In a large cluster, “Server Call Failed” error may be seen in HX Connect.

3.5(1a)

3.5(2g)

CSCvm53972

During automatic software repair of a failing disk, a write command to the disk hung in the I/O subsystem. This prevented other nodes from communicating with this node for several minutes.

2.6(1b), 3.5(1a)

3.5(2a)

CSCvm66552

Multiple simultaneous 3.8TB SED SSD drive failures due to a drive firmware bug may cause the HX cluster to go offline. For more details, see the related Software Advisory.

3.0(1c)

3.5(2a)

CSCvm97558

Controller VM restarts due to Out-of-memory condition.

3.0(1c)

3.5(2a)

CSCvn07634

After attempting a Release 3.5(1a) node expansion on a cluster that was initially deployed prior to Release 3.5(1a), a vCON policy reference fault is triggered. In addition, any pre-existing service profiles created prior to expansion may be placed in a pending acknowledgment state.

3.5(1a)

3.5(2a)

CSCvn52412

When deploying Kubernetes for HX, in HX Connect UI when a user enables all nodes (selects Settings > Integrations > Kubernetes > Enable All Nodes), ESXi hosts cannot access datastores under the following conditions:

• The HX cluster was deployed via Intersight, or,

• The HX cluster is manually deployed with storage CMIP value configured on all ESXi hosts iscsi vmk.

3.5(1a)

3.5(2a)

CSCvn59508

During upgrade from earlier releases to Release 3.5(1a), cluster expansion may fail due to missing CRM entries related to node site map.

3.5(1a)

3.5(2a)

CSCvn59619

When an HX Quiesced Snapshot is taken, the ID of the snapshot returned may not be correct under certain circumstances and may impact your Backup vendors integration with HX Snapshots.

Check with your Backup vendor if they rely on HX Quiesced Snapshots.

3.5(2a)

3.5(2a)

CSCvp52171

CSCvm60845

Using stcli node remove with node-ID option succeeded, but did not remove the node.

2.6(1d), 3.0(1c), 3.5(1a)

3.5(2a)

Hyper-V

CSCvm59573

In some cases, Hyper-V OS installation fails during hypervisor configuration in the installation process.

3.5(1a)

3.5(2a)

ESXi, Installation, Upgrade, Expansion, Management

CSCvk62990

HX deployments on M5 servers with ESXi version 6.0 may experience a PSOD during install or upgrade workflows.

2.6(1a)

3.5(1a)

CSCvk39622

HX Connect displays alarms with a “Lockdown mode enabled on one or more nodes in the cluster” message. In addition, the alarms are manually reset to green.

3.5(1a)

3.5(1a)

CSCvj90575

Smartmons tool reports Reallocated_Sector_Ct values for Samsung SATA drive (disk model MZ7LM480HMHQ)

3.0(1a)

3.5(1a)

CSCvi34303

HX Connect UI displays an error when any table is exported in.CSV format and opened in excel.

3.0(1a)

3.5(1a)

Hyper-V

CSCvm53679

HX Installer fails and HXBootstrap.log contains the following message:

"Unable to find a default server with Active Directory Web Services running."

3.0(1e)

3.5(1a)

Datastore access leads to frequent alerts. In addition, the SMB SCVM client log file (/var/log/springpath/debug-smbscvmclient.log) shows a message similar to the following for host data IP address of the host on which that controller is hosted.

3.5(1a)

CSCvk18743

The Storage Controller VM is down for an extended period of time that may cause the VMs to power off.

3.0(1a)

3.5(1a)

CSCvw21968

Support Bundle page in cross launched HX Connect and stand-alone HX Connect shows a blank page.

• Delete the Connected TAC generated support bundles in the path /var/support/asup_default for each controller VM in the cluster. These can be identified with "_intersight_" text in the filename.

• Generate support bundles only from Standalone HX Connect (i.e logging to HX Connect on cip controller VM)

3.5(2i)

CSCvu48941

HX cluster outages when there is a CATERR, if no-drop class is configured for storage traffic.

N/A

3.5(2h)

CSCvs35307

Bootstrap from HX 2.1x or lower to HX 3.5(2g) fails, incompatible Java version.

Please open a service request to have corrective action performed, then upgrade to HX 3.5(2f).

3.5(2g)

CSCvs02466

M.2 boot disk is missing from server inventory after upgrade to server firmware 4.0(4e). As a result server fails to boot to OS installed in the M.2 disk. The issue persists after re-acknowledgement as well as de-commission and re-acknowledgement of the server.

1. De-commission the server

2. Power drain the server - REMOVE BOTH POWER CORDS ON THE BACK OF THE SERVER FOR 10 SECONDS, THEN REINSERT POWER CORDS.

3. Re-commission the server.

4.0(4e)

CSCvq38279

Hyper-V: When replicated DC was used, then during install time, Windows failover cluster was not created successfully.

Clean up the fail over cluster and then recreate the fail over cluster. No need to touch the HX storage cluster.

3.5(2e)

CSCvq65830

Hyper-V: VM corrupted after migrating from one host to another.

NA

3.5(2e)

CSCvp98910

After 2 node network partition heals, datastore on the isolated node is not available for 15 minutes.

There are two options:

1. Wait 15-20 minutes for the ARP entry to time out, then the datastore will become mounted again.

2. Manually reset the ARP entry by following these steps:

   Check the current eth1:0 mac address from both HyperFlex Controller VMs and node the IP/Mac. Run ifconfig eth1:0 from the shell of the controller VM. On the node where the datastore is unavailable, check the mac address entries for the above IP addresses in the ESXi ARP cache using the following command: esxcli network ip neighbor list. If the IP address is assigned to the incorrect mac address, purge the entry from the ARP table as shown below.

   esxcli network ip neighbor remove
    -a <IP_address> -v 4

3.5(2g)

4.0(1a)

CSCvq94462

Multiple DNS servers causing expansion validation error; stcli to validate.

NA

3.5(2d)

CSCvv21905

UCSM Read-Only user missing error in the encryption page on HX Connect UI, later while authenticate UCSM with credentials it throws an error of invalid CSRF token.

Run the following commands:

stcli security encryption ucsm-ro-user create --hostname <FI-IP> --username <FI-user-name> --password <FI-password>

stcli security encryption ucsm-ro-user show

3.5(1a)

CCvq53058

CSCvq49412

Cluster may observe a temporary All Paths Down (APD) condition during site failover depending upon the used storage capacity and the latency on the link to the Witness node.

None in Release 3.5(2e). However, if an APD occurs, the condition will clear up on its own after some time and IO will resume. The fix to avoid the APD will be available in an upcoming release.

3.5(2a)

CSCvq532080

CSCvq54992

HXDP support for EMC Recover Point – Manual workaround required.

Manually install/upgrade scvmclient VIB and make sure that it matches the current HX Data Platform version.

3.5(2b)

CSCvm99150

Changing MTU from 9000 to 1500 on one ESX node causes storfs process to restart on all nodes.

1. Do not change MTU at ESX level on running cluster.

2. Reset back to the original value.

3.5(1a)

3.5(2a)

CSCvn73383

A cluster is shutdown for maintenance. However, due to an existing defect, disks on one node were not published when that node was rebooted again. The cluster failed to come back online.

This workaround is to fix the disk failures on that node, so that all disks are published and re-start the cluster again.

3.0(1c)

CSCvo70650

The cluster expand fails on a node with DR replication configured. When an HX cluster which has DR replication configured is expanded we see the installer UI pulling in the replication VLAN information instead of the management VLAN information. Even if we change that information to the correct mgmt VLAN id and name it does not seem to work as the node is configured with the VLAN of the replication VLAN in ESXi. This leads to the failure of the node add with the host unreachable error.

Have to identify that the replication VLAN is being used. Then log to the KVM and update the MGMT VLAN to the correct VLAN ID and retry the cluster expand.

3.5(2a)

CSCvq11456

HyperFlex stcli cluster info does not show UCSM VIP address.

NA

3.5(2d)

CSCvq22844

Add message to HX Connect Progress flow to not Acknowledge Pending Activities and reboot the servers on UCSM.

HX Connect is doing a controlled rolling server upgrade in the background.

NA

3.5(2d)

CSCvn11045

HX node keeps crashing after node restarted.

Verify if the interface is up and that you can ping the loopback interface by running the following commands:

ifconfig -a

ping 127.0.0.1

- bring up the loopback interface

ip link set lo up

- check service is running

status scvmclient

status storfs

- start below services

start scvmclient

start storfs

3.5(1a)

3.0(1e)

CSCvp93442

storfs crash with (tune.fileAIOPanicOnStuckIO): IO request timer expired.

NA

3.5(2b)

CSCvp96650

Sub-org field entry is not being fetched during cluster expansion in the UCSM configuration step. The input field for sub-org in the UCSM page shows up empty.

In the JSON configuration file, enter the sub-org name and then export that configuration. Then the validation will not fail.

Use the import json configuration file feature to import the json with the correct sub-org name detail so that the value gets picked up during validation and does not result in failure.

3.5(2b)

CSCvo86431

When a node is in Maintenance Mode, any disk removal or replacement will be reflected in UI only after the node is brought back from maintenance mode. This is because storfs is not running on the node in maintenance, and will not be able to detect disk activities until it is brought out of MM.

Bring the node out of Maintenance Mode.

3.5(2a)

CSCvp79511

HX Upgrade Release 2.1(1c) > 3.0(1i) was allowed when ESXi/vCenter was not on 6.0u3 or later.

Upgrade ESXi and vCenter to 6.0u3 before attempting upgrade.

3.0(1i)

Install, Upgrade, Expand

CSCvp88990

HyperFlex upgrade fails due to SCVM unable to login to ESXi.

Copy the SSH public key to the authorized key file on the ESXi host

On SCVM:

cat /etc/ssh/ssh_host_rsa_key.pub

**Copy all output that is a single line, do not copy anything past the end of the key even if your terminal window does not put the hostname on a new line

Input the key from the previous output into ESXi's authorized key file:

vi /etc/ssh/keys-root/authorized_keys

*after entering only the above output into file, exit and save the file

Now when you try to SSH from the SCVM to ESXi it should be permitted without asking for password. Try to continue upgrade. If upgrade continues to fail, contact Cisco TAC

3.0(1i)

3.5(2c)

CSCvj22992

CSCvs26028

VM appears on multiple nodes.

To recover the VM, copy over the data disks and attach them to the new VM.

3.0(1b)

CSCvn99088

Shavlik snapshot causes protected VM to become unprotected.

Delete the Shavlik snapshot.

3.0(1a)

CSCvo19250

No warnings/alerts generated when cluster capacity is above 70% utilization.

Increase storage capacity (new node or disks) or reduce storage usage (delete unused VMs and snapshots).

3.0(1i)

CSCvo56350

When upgrading to ESXi 6.7 EP06 a PSOD is encountered after a reboot.

Upgrade to ESXi 6.7 Express Patch 08.

CSCvo83276

VM powers off during backup VM snapshot.

Retake the snapshot.

3.5(1a)

CSCvp19670

Cluster MGMT IP does not come back up after cluster shutdown.

Start cip-monitor on each storage controller VM.

Manually mount datastores.

CSCvp26319

Release 3.5(2b) FlexVol to 4.0 CSI upgrade does not work. FlexVol continues to work.

1. Update the conf file manually to change to the link local address to *.

2. Restart scvmclient on the controller and ESX.

CSCvp49720

APD when putting zk leader to MM on a 2 node ROBO setup.

Stop zookeeper on the node, make a copy of the zookeeper database, delete the files in the database directory and restart zookeeper.

CSCvp60476

After node expansion, zookeeper database not updated with node information, and as a result 'Node IP Settings' in 'stcli cluster info' does not show information for expanded node.

3.5(2a)

CSCvp42679

HyperFlex: UCSM Upgrade in Queued State when current and desired firmware are identical.

Upgrade needs to be forcefully cleaned. Run the following command:

# stcli cluster upgrade --clean
 --components ucs-fw --ucsm-host
 14.39.51.225 

3.5(2b)

CSCvp62167

After power outage cluster hits panic

NA

3.5(2a)

CSCvp63635

CSCvm36103

Unable to re-enable SSH after upgrade.

NA

3.5(2a)

CSCvp65649

Limited access as Admin user.

NA

3.5(2a)

CSCvp65824

Incorrect nodes status during upgrade from Release 3.5(2b) to 4.0(1a).

NA

4.0(1a)

Management

CSCvp09978

Cluster info shows Smart call home is enabled, even though it is disabled.

Use the command stcli services sch show instead.

3.5(2b)

CSCvs08218

When Commvault backs up virtual machines running within a HyperFlex cluster, native HyperFlex snapshots are taken and removed upon completion. However, vCenter reports "VM disk consolidation is required" within vSphere. This alert is thrown for the existing sentinel snapshot that is not updated regularly. Commvault needs sentinel snapshot to be present for native HX snapshots to be taken.

Commvault also reports error as part of the data aging job: HX Failed to delete Snap. Error Message - Delete snapshot snapshot-100 failed for entity vm-xx. A previously issued Snapshot Now task is in progress on this entity.

Fix for this issue is available in Hotfix Pack SP16.36.

1. Take another snapshot via Commvault. The error message goes away.

2. Delete the sentinel snapshot and create again (this might stun the VM).

3. Ignore/suppress alert on vCenter.

3.5(2b)

CSCvp78288

When adding disks to cluster I/O freezes for 96 seconds.

No intervention required, cluster recovers on its own.

3.5(2a)

CSCvp89523

When a HyperFlex Cluster is deployed on an ACI Fabric, with HX MGMT and HX Storage in the same Bridge Domain, we see ARP responses from wrong HX Storage Controller interface, causing incorrect ARP learning to occur. On the ACI Fabric, we see MAC moves for HX IPs.

HX MGMT and HX Storage should be in separate Bridge Domains. Reference Table 21 in the following CVD:

3.0(1i)

CSCvp93442

storfs crash with (tune.fileAIOPanicOnStuckIO): IO request timer expired.

Contact TAC.

3.5(2b)

CSCvp96650

Sub-org field entry is not being fetched during cluster expansion in the UCSM configuration step. The input field for sub-org in the UCSM page shows up empty.

In the JSON configuration file, enter the sub-org name and then export that configuration. Then the validation will not fail.

Use the import json configuration file feature to import the json with the correct sub-org name detail so that the value gets picked up during validation and does not result in failure.

3.5(2b)

CSCvo86431

When a node is in Maintenance Mode, any disk removal or replacement will be reflected in UI only after the node is brought back from maintenance mode. This is because storfs is not running on the node in maintenance, and will not be able to detect disk activities until it is brought out of MM.

Bring node out of Maintenance Mode.

3.5(2a)

CSCvp79511

HX upgrade to Release 3.0(1i) was allowed while vCenter and ESXi were both on version 6.0u2 although version check requires version 6.0u3.

Upgrade ESXi and vCenter to 6.0u3 before attempting upgrade

3.0(1i)

CSCvp86483

Cannot reset HyperFlex root or admin passwords without knowing existing password.

Contact TAC.

4.0(1a)

Install, Upgrade, Expand

CSCvp78288

When adding disks to cluster I/O freezes for 96 seconds.

No intervention required, cluster recovers on its own.

3.5(2a)

CSCvh09129

Cluster Expansion: Validation (sufficient DR IP address) should occur before adding the node to the cluster.

Ensure there are sufficient replication IP addresses available for assignment to new nodes in the cluster. If necessary, modify the replication network configuration to include additional IP ranges.

2.6(1a)

CSCve73004

UCS Manager does not update the disk firmware status, if a firmware upgrade from 2.1(1b) to 2.5 was initiated by the HX Data Platform.

Perform a soft reset:

# CIMC-soft-rest

2.5(1a)

CSCvb94112

CSCvb91660

HX Installer may be stuck at Cluster Expansion Validation screen during the cluster expansion process.

1. Check logs to verify that the expansion workflow is hung.

2. In your browser, type http://ip_of_installer/api/reset to restart the workflow.

1.8(1c)

Hyper-V

CSCvm05523

In rare cases, live migration of VMs fails with error code 0x138D.

Refer to the following workarounds from Microsoft and retry the operation:

• Server 2016 S2D Cluster unable to Drain Role

• Live migrations fail during drain from Cluster-Aware Updating

• Draining Nodes for Planned Maintenance with Windows Server 2012

3.0(1e)

CSCvi56910

Shortly after datastore creation, directory listing may fail with an error, " The process cannot access the file \\xyz.cloud.local\\ds1 as it is being used in another process."

Wait for a minutes after datastore creation and retry the command.

3.0(1a)

CSCvi16323

You may not be able to navigate to a specific HX-Datastore in Hyper-V Manager (Remote) as the HX-Datastore is grayed-out, and the Inspect Disk option is unavailable.

This is a known issue.

3.0(1a)

CSCvh25238

Hyper-V: During HX Data Platform deployment, the controller VM may be assigned with only one DNS address if you add more than one IP address for DNS.

Usually the primary DNS is sufficient for the HX Controller VM to work. If you need additional DNS, edit the eth0 interface file in the controller VM to add the additional DNS.

3.0(1a)

Management

CSCvf90091

When incorrect gateway is provided, errors are seen in a cluster, after cluster creation.

Log in to the controller VM and correct the gateway.

2.5(1c)

Replication

CSCvf29202

Recovery might not include disks that are not in the same folder on a datastore as the virtual machine being protected.

If any virtual machine disk resides outside the same folder and datastore of a protected virtual machine:

1. Move the disk to the same folder on the datastore.

2. Then add (re-add) the disk to the virtual machine.

This ensures protection and recovery work successfully.

2.5(1a)

Encryption

CSCvf17183

CSCvd000362

If a CIMC reboots while a modify-security command is in-progress, and the server is secured with local key management, a subsequent disable-security command may fail, because the server doesn't know the correct key to use.

CIMC was rebooted while a modify-security command was in-progress.

Log in to the controller VM and use the sed-client to update the physical drive keys to match the server's key.

2.5(1a)

CSCvf06510

UCS Manager might indicate partially disabled encryption security.

No action required. This is a sync issue between reporting interfaces.

To verify from HX Connect, select System Information > Disks > Security. All disks and the controller VM should indicate Security Disabled.

2.5(1a)

Install, Upgrade, Expand

CSCvx37435

A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device.

Please refer to the Security Advisory.

3.5(1a)

CSCvx36014

A Unauthorized Remote Code Execution (login request) could allow an unauthenticated, remote attacker to perform a command injection attack against an affected device.

Please refer to the Security Advisory.

3.5(1a)

CSCvx36019

A Unauthorized Remote Code Execution (login request) could allow an unauthenticated, remote attacker to perform a command injection attack against an affected device.

Please refer to the Security Advisory.

3.5(1a)

CSCvx36028

A Unauthorized File Upload Vulnerability could allow an unauthenticated, remote attacker to upload files to an affected device.

Please refer to the Security Advisory.

CSCvx52126

A Unauthorized File Upload Vulnerability could allow an unauthenticated, remote attacker to upload files to an affected device.

Please refer to the Security Advisory.

CSCvo69067

Adding drive to a cluster fails to increase cluster capacity.

Contact Cisco TAC for resolution.

3.5(2b)

3.5(2h)

CSCvh04307

Installing software packages on the storage controller VM fails with the following error:

“There are locked drives on the system, unlock them and retry deployment.”

In addition, after upgrade from Release 2.6(1e) to 3.0(1c), the following conditions are seen:

• The upgrade is stuck on "checking cluster readiness" state for a long time.

• The stcli cluster information shows the SED disks as unavailable, and hence the cluster cannot recover to a healthy state.

Contact Cisco TAC for more Release 3.0(1c) information to recover from this issue.

3.0(1a)

CSCve73004

UCS Manager does not update the disk firmware status, if a firmware upgrade from 2.1(1b) to 2.5 was initiated by the HX Data Platform.

Perform a soft reset:

# CIMC-soft-rest

2.5(1a)

CSCvb94112

CSCvb91660

HX Installer may be stuck at Cluster Expansion Validation screen during the cluster expansion process.

1. Check logs to verify that the expansion workflow is hung.

2. In your browser, type http://ip_of_installer/api/reset to restart the workflow.

1.8(1c)

Hyper-V

CSCvm05523

In rare cases, live migration of VMs fails with error code 0x138D.

Refer to the following workarounds from Microsoft and retry the operation:

• Server 2016 S2D Cluster unable to Drain Role

• Live migrations fail during drain from Cluster-Aware Updating

• Draining Nodes for Planned Maintenance with Windows Server 2012

3.0(1e)

CSCvi56910

Shortly after datastore creation, directory listing may fail with an error, " The process cannot access the file \\xyz.cloud.local\\ds1 as it is being used in another process."

Wait for a minutes after datastore creation and retry the command.

3.0(1a)

CSCvi16323

You may not be able to navigate to a specific HX-Datastore in Hyper-V Manager (Remote) as the HX-Datastore is grayed-out, and the Inspect Disk option is unavailable.

This is a known issue.

3.0(1a)

CSCvh25238

During HX Data Platform deployment, the controller VM may be assigned with only one DNS address if you add more than one IP address for DNS.

Usually the primary DNS is sufficient for the HX Controller VM to work. If you need additional DNS, edit the eth0 interface file in the controller VM to add the additional DNS.

3.0(1a)

Management

CSCvj31645

In rare cases, duplicate or dummy storage controller VMs (stCtlVMs) running windows appear in ESXi clusters.

If you see this issue, perform the 3.0(1b) following:

1. Delete the dummy stCtlVMsfrom the vCenter.

2. Cleanup the old extensions.

3. Re-register to the original vCenter.

3.0(1e)

CSCvg47332

Using the quiesce option for a VM with a HX snapshot may cause the VM to be stunned.

If you plan to use the quiesce option, do not use it for a VM that has a HX snapshot.

If you need to use the quiesce option, delete all HX snapshots and use VMware snapshots.

2.1(1b)

CSCvf90091

When incorrect gateway is provided, errors are seen in a cluster, after cluster creation.

Log in to the controller VM and correct the gateway.

2.5(1c)

CSCvf25130

HX Connect times out after 30 minutes.

com.vmware.vim25. 
Not Authenticated

Retry refresh HX Connect through the browser or HX Connect buttons. Alternatively, log out of HX Connect and log back in.

This is a known VMware issue. See VMware KB, vCenter Server logs report the error: SOAP session count limit reached (2004663).

2.5(1a)

Replication

CSCvf29202

Recovery might not include disks that are not in the same folder on a datastore as the virtual machine being protected.

If any virtual machine disk resides outside the same folder and datastore of a protected virtual machine:

1. Move the disk to the same folder on the datastore.

2. Then add (re-add) the disk to the virtual machine.

This ensures protection and recovery work successfully.

2.5(1a)

Encryption

CSCvf17183

If a CIMC reboots while a modify-security command is in-progress, and the server is secured with local key management, a subsequent disable-security command may fail, because the server doesn't know the correct key to use.

CIMC was rebooted while a modify-security command was in-progress.

Log in to the controller VM and use the sed-client to update the physical drive keys to match the server's key.

2.5(1a)

CSCvf06510

UCS Manager might indicate partially disabled encryption security.

No action required. This is a sync issue between reporting interfaces.

To verify from HX Connect, select System Information > Disks > Security. All disks and the controller VM should indicate Security Disabled.

2.5(1a)

CSCvq41985

Cisco IMC 4.0(1a)

Open

3.5(2i)

May 7, 2021

Updated Recommended FI/Server Firmware - 3.5(x) Releases to indicate UCSM 4.0(4l) qualified for HX 3.5(2i) and 3.5(2h).

3.5(2i)

April 29, 2021

Updated Recommended FI/Server Firmware - 3.5(x) Releases to indicate UCSM 4.1(3c) qualified for HX 3.5(2i).

3.5(2i)

March 17, 2021

Updated link to indicate UCSM 4.1(2f) is the recommended Host Upgrade Utility (HUU) for M5 for HX 3.5(2x).

3.5(2i)

March 11, 2021

Updated Recommended FI/Server Firmware - 3.5(x) Releases to indicate UCSM 4.0(4k) is the recommended release.

3.5(2i)

February 19, 2021

Updated Recommended FI/Server Firmware - 3.5(x) Releases to indicate UCSM 4.1(2c) qualified for HX 3.5(2i) and HX 3.5(2h).

3.5(2i)

February 10, 2021

Updated Recommended FI/Server Firmware - 3.5(x) Releases to indicate new new UCSM versions qualified for HX 3.5(2x) release.

3.5(2i)

January 7, 2021

Updated Software Requirements for VMware ESXi to indicate limitations using ESXi 6.7 U3.

3.5(2i)

December 22, 2020

Updated Software Requirements for VMware ESXi to indicate limitations using ESXi 6.7 U3.

3.5(2i)

December 7, 2020

Updated Recommended FI/Server Firmware - 3.5(x) Releases to indicate new UCSM versions qualified for HX 3.5(2i), HX 3.5(2h), HX 3.5(2g), HX 3.5(2f) and HX 3.5(2e) releases.

3.5(2i)

October 22, 2020

Created release notes for Cisco HX Data Platform Software, Release 3.5(2i).

3.5(2h)

September 24, 2020

Updated Recommended FI/Server Firmware - 3.5(x) Releases to indicate UCSM 4.1(1e) qualified for HX 3.5(2g) and HX 3.5(2h) releases.

3.5(2h)

September 14, 2020

Updated Recommended FI/Server Firmware - 3.5(x) Releases Recommended Firmware Version to UCSM 4.1(1h).

3.5(2h)

September 4, 2020

Updated Recommended FI/Server Firmware - 3.5(x) Releases Recommended FI/Server Firmware to UCSM 4.0(4i) for HX 3.5(2g) and HX 3.5(2h) releases.

3.5(2h)

August 11, 2020

• Added column for M4/M5 Qualified FI/Server Firmware. Listed USCM 4.1(2a) as qualified for HX 3.5(2h).

• Added CSCvv21905 to the list of Open Caveats for HX 3.5(2h), 3.5(2g), 3.5(2f), 3.5(2e), 3.5(2d), 3.5(2c), 3.5(2b), 3.5(2a), 3.5(1a).

3.5(2g)

July 23, 2020

Updated Recommended FI/Server Firmware - 3.5(x) Releases. Added qualification for Cisco UCS Manager 4.0(4i) and 4.1(1d).

3.5(2h)

July 16, 2020

Added Resolved Caveats for HX 3.5(2h), HX 3.5(2g), HX 3.5(2f) and HX 3.5(2e).

3.5(1a)

May 15, 2020

HX 3.5(1a) - End of Life

3.5(2h)

May 4, 2020

• Updated Host Upgrade Utility (HUU) for M5 to UCS 4.0(4k) for HX 3.5(2h).

• Added description of HX REST API Access Token Management in Guidelines and Limitations section.

3.5(2h)

March 30, 2020

Updated M4 and M5 Recommended FI/Server Firmware to UCS 4.0(4h) for HX 3.5(2g).

3.5(2h)

March 24, 2020

Updated M4 and M5 Recommended FI/Server Firmware to UCS 4.0(4h) for HX 3.5(2h). Identified HX 3.5(1a) as Unsupported. Added CSCvs08218 to the list of Open Caveats in HX 3.5(2b).

3.5(2h)

March 5, 2020

Added upgrade reminder for HyperFlex versions 3.0(1x) and 3.5(1x) as these versions are unsupported and have been declared end-of-life. Removed references to HX 3.0 requirements.

3.5(2h)

January 28, 2020

Added CSCvs47419 to the list of Resolved Caveats in HX 3.5(2h).

3.5(2h)

January 21, 2020

Created release notes for Cisco HX Data Platform Software, Release 3.5(2h).

3.5(2c)

January 14, 2020

Updated release notes for deferred Cisco HyperFlex Release HX 3.5(2c).

3.5(2g)

January 10, 2020

Added CSCvs35307 to the list of Open Caveats for HX 3.5(2g).

3.5(2g)

December 23, 2019

Updated M4 and M5 Recommended FI/Server Firmware to UCS 4.0(4e) for HX 3.5(2f), 3.5(2e), and 3.5(2d).

3.5(2g)

December 13, 2019

Added CSCvs28167 to the list of Resolved Caveats for HX 3.5(2g), 3.5(2f), 3.5(2e). Added CSCvs28167 to the list of Open Caveats for HX 3.5(2d), 3.5(2c), 3.5(2b), 3.5(2a), 3.5(1a).

3.5(2g)

November 25, 2019

Added CSCvs02466 to the list of Open Caveats.

3.5(2g)

November 19, 2019

Updated info in the Upgrade Guidelines section.

3.5(2g)

November 7, 2019

Updated info in the HyperFlex Edge and Firmware Compatibility Matrix for 3.x Deployments section.

3.5(2g)

October 25, 2019

Added CSCvj95606 and CSCvq24176 to the list of Security Fixes.

3.5(2g)

October 21, 2019

Created release notes for Cisco HX Data Platform Software, Release 3.5(2g).

3.5(2f)

September 17, 2019

3.5(2f)

September 10, 2019

3.5(2f)

September 6, 2019

Created release notes for Cisco HX Data Platform Software, Release 3.5(2f).

3.5(2f)

September 6, 2019

3.5(2e)

August 23, 2019

3.5(2e)

August 21, 2019

3.5(2e)

August 8, 2019

Added bullet describing the "Cisco HyperFlex Systems Upgrade Guide for Unsupported Cisco HX Releases" in the Upgrade Guidelines section.

3.5(2e)

August 2, 2019

Added important note indicating HyperFlex does not support UCS server firmware 4.0(4a), 4.0(4b), and 4.0(4c).

3.5(2e)

July 22, 2019

Created release notes for Cisco HX Data Platform Software, Release 3.5(2e).

3.5(2d)

July 15, 2019

• Updated UCS Manager interoperability for SED-based HyperFlex systems in "Supported Versions and System Requirements" section.

• Updated Release 3.5(2b) support for ESXi 6.7 U2 in "Supported VMware vSphere Versions and Editions".

3.5(2d)

June 20, 2019

Added HyperFlex Edge and Firmware Compatibility Matrix tables.

3.5(2d)

June 19, 2019

• Added CSCvp40474 to the list of "Resolved Caveats in Release 3.5(2d)".

• Updated workaround information for CSCvp40474 in list of "Open Caveats in Release 3.5(2b)".

3.5(2d)

June 11, 2019

Created release notes for Cisco HX Data Platform Software, Release 3.5(2d).

3.5(2c)

May 31, 2019

Moved CSCvo36198 to the list of "Resolved Caveats in Release 3.5(2c)".

3.5(2c)

May 29, 2019

• Added important note about not using Release 3.5(2c) with Stretch Clusters.

• Added CSCvp90129 to the list of "Open Caveats in Release 3.5(2c)" section.

3.5(2c)

May 21, 2019

• Added note describing UCS/UCSM Install issue CSCvo13678.

• Added reference to Stretched Cluster Guide for CSCvo75522 in the "Resolved Caveats in Release 3.5(2c)" section.

• Updated link to Hypercheck TechNote article in "Upgrade Guidelines" section.

• Updated CSCvo70723 in "Open Caveats in Release 3.5(2b)" section.

3.5(2c)

May 20, 2019

Created release notes for Cisco HX Data Platform Software, Release 3.5(2c).

3.5(2b)

May 16, 2019

Added CSCvp58804 to the list of "Open Caveats in Release 3.5(2b)".

3.5(2b)

May 2, 2019

Added CSCvk38003 to the list of "Resolved Caveats in Release 3.5(2b)".

3.5(2a)

January 8, 2019

Created release notes for Cisco HX Data Platform Software, Release 3.5(2a).

3.5(1a)

November 21, 2018

Revised format for the "Cisco HX Data Platform Storage Cluster Specifications" section.

3.5(1a)

November 6, 2018

• Added vCenter version 6.7U1 in the "Supported vSphere Versions" section.

• Removed deprecated releases - 1.8, 2.0, 2.1, 2.5 from the "Supported vSphere Versions" table.

• Added CSCvn07634 to the list of "Open Caveats in Release 3.5(1a)".

3.5(1a)

October 16, 2018

Created release notes for Cisco HX Data Platform Software, Release 3.5(1a).

Provides an editable file for gathering required configuration information prior to starting an installation. This checklist must be filled out and returned to a Cisco account team.

Provides detailed information about Day 0 configuration of HyperFlex Systems and related post cluster configuration tasks. It also describes how to set up multiple HX clusters, expand an HX cluster, set up a mixed HX cluster, and attach external storage.

Stretched Cluster Guide

Provides installation and configuration procedures for HyperFlex Stretched cluster, enabling you to deploy an Active-Active disaster avoidance solution for mission critical workloads.

Installation Guide on Microsoft Hyper-V

Provides installation and configuration procedures on how to install and configure Cisco HyperFlex Systems on Microsoft Hyper-V.

Provides deployment procedures for HyperFlex Edge, designed to bring hyperconvergence to remote and branch office (ROBO) and edge environments.

Provides information about how to manage and monitor the cluster, encryption, data protection (replication and recovery), ReadyClones, Native snapshots, and user management. Interfaces include HX Connect, HX Data Platform Plug-in, and the stcli commands.

HyperFlex Intersight Installation Guide

Provides installation, configuration, and deployment procedures for HyperFlex Intersight, designed to deliver secure infrastructure management anywhere from the cloud.

Provides information on how to upgrade an existing installation of Cisco HX Data Platform, upgrade guidelines, and information about various upgrade tasks.

Provides information about HyperFlex Systems specific network and external storage management tasks.

Provides CLI reference information for HX Data Platform stcli commands.

Provides information on how to use the Cisco PowerShell Cisco HXPowerCLI cmdlets for Data Protection.

REST API Getting Started Guide

REST API Reference

Provides information related to REST APIs that enable external applications to interface directly with the Cisco HyperFlex management plane.

Provides troubleshooting for installation, configuration, to configuration, and to configuration. In addition, this guide provides information about understanding system events, errors, Smart Call Home, and Cisco support.

Provides independent knowledge base articles.